I. Introduction


This document provides details of the SKIPJACK and KEA algorithms. The algorithms are 
supported in single chip cryptoprocessors such as CLIPPER (SKIPJACK only), CAPSTONE, 
KEYSTONE, REGENT, KRYPTON and the FORTEZZA and FORTEZZA Plus PC Card 
firmware which runs on them, and also in other FORTEZZA family products. 


II. Algorithms 


This document will discuss the following algorithms: 


SKIPJACK Codebook Encryptor/Decryptor Algorithm 
KEA Key Exchange Algorithm 


A. SKIPJACK Modes of Operation 


SKIPJACK is a 64-bit codebook utilizing an 80-bit cryptovariable. The modes of operation are
a subset of the FIPS-81 description of modes of operation for DES [1]. These include:


Output Feed-Back (OFB) Modes: 64 bit
Cipher Feed-Back (CFB) Modes: 64 bit/32 bit/16 bit/8 bit
Codebook: 64 bit
Cipher-Block Chaining (CBC): 64 bit

Figure 1. “Output Feed-Back Modes Diagram”
Figure 2. “Cipher Feed-Back Mode Diagram”
Figure 3. “Codebook Mode Diagram”
Figure 4. “Cipher-Block Chaining Mode Diagram”


B. SKIPJACK Specification 


1. Notation and terminology:


$V^n$: the set of all n-bit values.
word: an element of $V^{16}$; a 16-bit value.
byte: an element of $V^8$; an 8-bit value.


permutation on $V^n$: an invertible (one-to-one and onto) function from $V^n$ to $V^n$. That is, the values are permuted within $V^n$, not the bits within the value.


$X \oplus Y$: the bitwise exclusive-or of X and Y.


$X \| Y$: X concatenated with Y. Let X, Y be bytes, then $X \| Y = X \times 2^8 + Y$ is a word. Furthermore, X is the high-order byte, and Y is the low-order byte.


2. Basic structure: SKIPJACK encrypts 4-word (i.e., 8-byte) data blocks by alternating
between the two stepping rules (A and B) shown below. A step of rule A does the following:
a. G permutes $w_1$,
b. the new $w_1$ is the xor of the G output, the counter, and $w_4$,
c. words $w_2$ and $w_3$ shift one register to the right; i.e., become $w_3$ and $w_4$ respectively,
d. the new $w_2$ is the G output,
e. the counter is incremented by one.


Rule B works similarly.





Figure 5. “SKIPJACK Stepping Rules”


3. Stepping rule equations. In the equations below, the superscript is the step number.


ENCRYPT

Rule A:
$$w_1^{k+1} = G^k(w_1^k) \oplus w_4^k \oplus \mathrm{counter}^k$$
$$w_2^{k+1} = G^k(w_1^k)$$
$$w_3^{k+1} = w_2^k$$
$$w_4^{k+1} = w_3^k$$

Rule B:
$$w_1^{k+1} = w_4^k$$
$$w_2^{k+1} = G^k(w_1^k)$$
$$w_3^{k+1} = w_1^k \oplus w_2^k \oplus \mathrm{counter}^k$$
$$w_4^{k+1} = w_3^k$$

DECRYPT

Rule A$^{-1}$:
$$w_1^{k-1} = [G^{k-1}]^{-1}(w_2^k)$$
$$w_2^{k-1} = w_3^k$$
$$w_3^{k-1} = w_4^k$$
$$w_4^{k-1} = w_1^k \oplus w_2^k \oplus \mathrm{counter}^{k-1}$$

Rule B$^{-1}$:
$$w_1^{k-1} = [G^{k-1}]^{-1}(w_2^k)$$
$$w_2^{k-1} = [G^{k-1}]^{-1}(w_2^k) \oplus w_3^k \oplus \mathrm{counter}^{k-1}$$
$$w_3^{k-1} = w_4^k$$
$$w_4^{k-1} = w_1^k$$


4. Stepping sequence: The algorithm requires a total of 32 steps.


a. To encrypt: The input is $w_i^0$, $1 \le i \le 4$ (i.e., k = 0 for the beginning step). Start
the counter at 1. Step according to Rule A for 8 steps, then switch to Rule B and
step 8 more times. Return to Rule A for the next 8 steps, then complete the
encryption with 8 steps in Rule B. The counter increments by one after each step.
The output is $w_i^{32}$, $1 \le i \le 4$.


b. To decrypt: The input is $w_i^{32}$, $1 \le i \le 4$ (i.e., k = 32 for the beginning step).
Start the counter at 32. Step according to Rule B$^{-1}$ for 8 steps, then switch to
Rule A$^{-1}$ and step 8 more times. Return to Rule B$^{-1}$ for the next 8 steps, then
complete the decryption with 8 steps in Rule A$^{-1}$. The counter decrements by
one after every step. The output is $w_i^0$, $1 \le i \le 4$.


5. G-permutation: The cryptovariable-dependent permutation G on $V^{16}$ is a four-round
Feistel structure. The round function is a fixed byte-substitution table (permutation on $V^8$),
which will be called the F-table. Each round of G also incorporates a byte of cryptovariable.
We give two characterizations of the function below:


a. recursively (mathematically): $G^k(w = g_1 \| g_2) = g_5 \| g_6$, where
$g_i = F(g_{i-1} \oplus cv_{4k+i-3}) \oplus g_{i-2}$, and where k is the step number (the first step
is 0), F is the substitution table, and $cv_{4k+i-3}$ is the (4k+i-3)th byte in the
cryptovariable schedule. Thus,

$$g_3 = F(g_2 \oplus cv_{4k}) \oplus g_1$$
$$g_4 = F(g_3 \oplus cv_{4k+1}) \oplus g_2$$
$$g_5 = F(g_4 \oplus cv_{4k+2}) \oplus g_3$$
$$g_6 = F(g_5 \oplus cv_{4k+3}) \oplus g_4$$

Similarly, for the inverse, $[G^k]^{-1}(w = g_5 \| g_6) = g_1 \| g_2$, where

$$g_{i-2} = F(g_{i-1} \oplus cv_{4k+i-3}) \oplus g_i$$


b. schematically:


Figure 6. “G-permutation diagram”


6. Cryptovariable schedule: The cryptovariable is 10 bytes long (labelled 0 through 9) and
used in its natural order. So the schedule subscripts given in the definition of the
G-permutation are to be interpreted mod-10.


7. F-table: The SKIPJACK F-table is given below in hexadecimal notation. The high
order 4 bits of the input index the row and the low order 4 bits index the column. For
example, F(7a) = d6.


      x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 xA xB xC xD xE xF

0x    a3 d7 09 83 f8 48 f6 f4 b3 21 15 78 99 b1 af f9
1x    e7 2d 4d 8a ce 4c ca 2e 52 95 d9 1e 4e 38 44 28
2x    0a df 02 a0 17 f1 60 68 12 b7 7a c3 e9 fa 3d 53
3x    96 84 6b ba f2 63 9a 19 7c ae e5 f5 f7 16 6a a2
4x    39 b6 7b 0f c1 93 81 1b ee b4 1a ea d0 91 2f b8
5x    55 b9 da 85 3f 41 bf e0 5a 58 80 5f 66 0b d8 90
6x    35 d5 c0 a7 33 06 65 69 45 00 94 56 6d 98 9b 76
7x    97 fc b2 c2 b0 fe db 20 e1 eb d6 e4 dd 47 4a 1d
8x    42 ed 9e 6e 49 3c cd 43 27 d2 07 d4 de c7 67 18
9x    89 cb 30 1f 8d c6 8f aa c8 74 dc c9 5d 5c 31 a4
Ax    70 88 61 2c 9f 0d 2b 87 50 82 54 64 26 7d 03 40
Bx    34 4b 1c 73 d1 c4 fd 3b cc fb 7f ab e6 3e 5b a5
Cx    ad 04 23 9c 14 51 22 f0 29 79 71 7e ff 8c 0e e2
Dx    0c ef bc 72 75 6f 37 a1 ec d3 8e 62 8b 86 10 e8
Ex    08 77 11 be 92 4f 24 c5 32 36 9d cf f3 a6 bb ac
Fx    5e 6c a9 13 57 25 b5 e3 bd a8 3a 01 05 59 2a 46

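The stepping rules, G-permutation, cryptovariable schedule and F-table of section B, put together as an added Python example (it is not part of the original specification). `trace` returns every intermediate state so the output can be compared line by line with the codebook-mode test vector in the Annex; the function names are this example's own.

```python
# F-table from section B.7: one row per line, row = high nibble of the input.
F = bytes.fromhex(
    "a3d70983 f848f6f4 b3211578 99b1aff9"
    "e72d4d8a ce4cca2e 5295d91e 4e384428"
    "0adf02a0 17f16068 12b77ac3 e9fa3d53"
    "96846bba f2639a19 7caee5f5 f7166aa2"
    "39b67b0f c193811b eeb41aea d0912fb8"
    "55b9da85 3f41bfe0 5a58805f 660bd890"
    "35d5c0a7 33066569 45009456 6d989b76"
    "97fcb2c2 b0fedb20 e1ebd6e4 dd474a1d"
    "42ed9e6e 493ccd43 27d207d4 dec76718"
    "89cb301f 8dc68faa c874dcc9 5d5c31a4"
    "7088612c 9f0d2b87 50825464 267d0340"
    "344b1c73 d1c4fd3b ccfb7fab e63e5ba5"
    "ad04239c 145122f0 2979717e ff8c0ee2"
    "0cefbc72 756f37a1 ecd38e62 8b8610e8"
    "087711be 924f24c5 32369dcf f3a6bbac"
    "5e6ca913 5725b5e3 bda83a01 05592a46"
)

def g_perm(w, k, cv):
    """G^k: four Feistel rounds on a 16-bit word, cv bytes 4k..4k+3 (mod 10)."""
    a, b = w >> 8, w & 0xFF
    for i in range(4):
        a, b = b, F[b ^ cv[(4 * k + i) % 10]] ^ a
    return a << 8 | b

def g_inv(w, k, cv):
    """[G^k]^-1: the same four rounds run backwards."""
    a, b = w >> 8, w & 0xFF
    for i in (3, 2, 1, 0):
        a, b = F[a ^ cv[(4 * k + i) % 10]] ^ b, a
    return a << 8 | b

def trace(block, cv):
    """Encrypt; return all 33 states w^0..w^32 as hex strings (Annex layout)."""
    w = [int.from_bytes(block[i:i + 2], "big") for i in (0, 2, 4, 6)]
    states = [block.hex()]
    for k in range(32):                      # counter^k = k + 1
        g = g_perm(w[0], k, cv)
        if k // 8 % 2 == 0:                  # Rule A: steps 1-8 and 17-24
            w = [g ^ w[3] ^ (k + 1), g, w[1], w[2]]
        else:                                # Rule B: steps 9-16 and 25-32
            w = [w[3], g, w[0] ^ w[1] ^ (k + 1), w[2]]
        states.append("".join(f"{x:04x}" for x in w))
    return states

def encrypt(block, cv):
    return bytes.fromhex(trace(block, cv)[-1])

def decrypt(block, cv):
    w = [int.from_bytes(block[i:i + 2], "big") for i in (0, 2, 4, 6)]
    for k in range(31, -1, -1):              # undo step k; its counter is k + 1
        g = g_inv(w[1], k, cv)
        if k // 8 % 2 == 0:                  # Rule A^-1
            w = [g, w[2], w[3], w[0] ^ w[1] ^ (k + 1)]
        else:                                # Rule B^-1
            w = [g, g ^ w[2] ^ (k + 1), w[3], w[0]]
    return b"".join(x.to_bytes(2, "big") for x in w)

if __name__ == "__main__":
    key = bytes.fromhex("00998877665544332211")   # Annex cryptovariable
    pt = bytes.fromhex("33221100ddccbbaa")        # Annex plaintext
    for n, s in enumerate(trace(pt, key)):
        print(f"{n:2d}  {s[:8]}  {s[8:]}")
    print("round trip ok:", decrypt(encrypt(pt, key), key) == pt)
```
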

C. KEA Specification


KEA is a key exchange algorithm. All calculations for KEA require a 1024-bit prime modulus.
This modulus and related values are to be generated as per the DSS specification [2]. The KEA
is based upon a Diffie-Hellman protocol utilizing SKIPJACK to reduce final values to an 80-bit
key.


KEA operations require exponents of length 160 bits. One exponent used in KEA is a user
specific secret component.


The KEA provides security commensurate with that provided by SKIPJACK. This is on the
order of $2^{80}$ operations.


KEA requires that each user be able to validate the public values received from others, but does 
not specify how that is to be done. 


The devices must be provided the following data in order to implement the Key Exchange 
Algorithm (KEA). 


p     1024-bit prime modulus which defines the field, where
      $p = p_{1023}\, p_{1022} \ldots p_0$


q     160-bit prime divisor of p-1 for public component checking
      $q = q_{159}\, q_{158} \ldots q_0$


g     1024-bit base for the exponentiation. An element of
      order q in the multiplicative group mod p.
      $g = g_{1023}\, g_{1022} \ldots g_0$


x     160-bit user secret number chosen so that (0 < x < q)
      $x = x_{159}\, x_{158} \ldots x_0$


Y     1024-bit public value corresponding to private value x
      $Y = g^x \bmod p = Y_{1023}\, Y_{1022} \ldots Y_0$


pad   80-bit padding value
      $pad = pad_{79}\, pad_{78} \ldots pad_0$
      = 72f1a87e92824198ab0b hex.


r     160-bit random number
      $r = r_{159}\, r_{158} \ldots r_0$


A signaling requirement for the determination of the initiator and the recipient of an exchange
is not necessary. A description of the process follows. For two users A and B, the subscripts A
and B are used to denote the ‘owner’ of the respective values.


a. A and B exchange or obtain from a directory the certificate(s) of the far terminal.
From the certificate(s), the public value Y of the other terminal can be obtained
along with associated user identification and other information.


b. Each device validates the public key Y to determine that it is indeed the public key
of a valid user on the network. If the validation fails, the process terminates. If the
validation checks, go to step c.


c. Each device exchanges the random component. Device A generates a 160-bit
private random number $r_A$ and sends the public version of this number

$$R_A = g^{r_A} \bmod p$$

Device B generates a 160-bit $r_B$ and sends

$$R_B = g^{r_B} \bmod p$$

Each of these public random components is 1024 bits in length.


d. After receiving the public random component and the far end public key, each
device will check to verify both the received values are of order q. Device A will
compute and verify:

$$1 < R_B,\ Y_B < p$$
$$(R_B)^q = 1 \bmod p \quad \text{and} \quad (Y_B)^q = 1 \bmod p$$

Device B will compute and verify:

$$1 < R_A,\ Y_A < p$$
$$(R_A)^q = 1 \bmod p \quad \text{and} \quad (Y_A)^q = 1 \bmod p$$

If the verification checks, go to step e. Should the verification fail, stop.


e. Device A will take $Y_B$ and compute the value $t_{AB}$. Device B will compute the
equivalent value $t_{BA}$, using the received random component.

$$t_{AB} = (Y_B)^{r_A} \bmod p = g^{x_B r_A} \bmod p$$
$$t_{BA} = (R_A)^{x_B} \bmod p = g^{r_A x_B} \bmod p = g^{x_B r_A} \bmod p$$


f. Each device computes u in a similar manner as they computed t.

$$u_{BA} = (Y_A)^{r_B} \bmod p = g^{x_A r_B} \bmod p$$
$$u_{AB} = (R_B)^{x_A} \bmod p = g^{r_B x_A} \bmod p = g^{x_A r_B} \bmod p$$


g. Each device computes w and checks to make sure that

$$w = (t + u) \bmod p \neq 0$$

If this check passes, go to step h. Else stop.


h. This result is split into two sections

$$v_1 = \left(\frac{w}{2^{1024-80}}\right) \bmod 2^{80}, \qquad v_2 = \left(\frac{w}{2^{1024-160}}\right) \bmod 2^{80}$$

i.e., if we number the bits in w as $w_{1023} \ldots w_0$ from MSB to LSB, then
$v_1 = w_{1023} \ldots w_{944}$ and $v_2 = w_{943} \ldots w_{864}$.


i. The Key is

$$\mathrm{Key} = 2^{16} \cdot E_{v_1 \oplus pad}\left(\frac{v_2}{2^{16}} \bmod 2^{64}\right) \oplus \left[\frac{E_{v_1 \oplus pad}\left(E_{v_1 \oplus pad}\left(\frac{v_2}{2^{16}} \bmod 2^{64}\right)\right)}{2^{48}} \oplus \left(v_2 \bmod 2^{16}\right)\right]$$

Note that this function represents the encryption of v2 with v1 XOR pad.
Pictorially,


Figure 7. “Key Formation Diagram”

A summary of a full KEA exchange between devices A and B is as follows:


| Device A | | Device B |
|---|---|---|
| $p, q, g$ | common to both devices | $p, q, g$ |
| $x_A$ | private key of each device | $x_B$ |
| $Y_A$ | $Y = g^x \bmod p$ | $Y_B$ |
| $Y_B$ | obtain other device's public value via certificate or sent in msg | $Y_A$ |
| $r_A$ | A and B generate random numbers | $r_B$ |
| $R_A$ | $R = g^r \bmod p$ | $R_B$ |
| $R_B$ | exchange public random numbers | $R_A$ |
| | check all values received | |
| $t_{AB} = (Y_B)^{r_A} \bmod p$ | compute $t = g^{r_A x_B} \bmod p$ | $t_{BA} = (R_A)^{x_B} \bmod p$ |
| $u_{AB} = (R_B)^{x_A} \bmod p$ | compute $u = g^{x_A r_B} \bmod p$ | $u_{BA} = (Y_A)^{r_B} \bmod p$ |
| $w = (t_{AB} + u_{AB}) \bmod p$ | compute w and check $w \neq 0$ | $w = (t_{BA} + u_{BA}) \bmod p$ |
| v1, v2 | extract v1 and v2 from w | v1, v2 |
| Key | form Key from v1, v2, pad | Key |


D. E-Mail Applications of KEA


For electronic mail applications where the recipient does not participate in the formation of the
key, the recipient's contribution to the random exchange is replaced with the public key of the
recipient. For the following, let A be the sender and B be the recipient of the E-mail message.
We first begin with the formation of the E-mail message.


1. Sending E-Mail 


a. Device A obtains from a directory or a local cache the certificate(s) of the far
terminal. From the certificate(s), the public value $Y_B$ of terminal B can be
obtained along with associated user identification and other information.


b. Device A validates the public key $Y_B$ to determine that it is indeed the public key
of a valid user on the network. If the validation fails, the process terminates. If the
validation checks, go to step c.


c. Device A will then verify:

$$1 < Y_B < p \quad \text{and} \quad (Y_B)^q = 1 \bmod p$$

If the verification checks, go to step d. Should the verification fail, stop.


d. Device A generates the random number $r_A$ and computes $R_A$, which is placed in
the message packet to be sent to the far terminal.

$$R_A = g^{r_A} \bmod p$$

This random component is 1024 bits in length.


e. Device A will then take $Y_B$ and compute the value $t_{AB}$.

$$t_{AB} = (Y_B)^{r_A} \bmod p = g^{x_B r_A} \bmod p$$


f. Device A computes

$$u_{AB} = (Y_B)^{x_A} \bmod p = g^{x_B x_A} \bmod p = g^{x_A x_B} \bmod p$$


g. Device A then computes w and checks to make sure that

$$w = (t_{AB} + u_{AB}) \bmod p \neq 0$$

If this check passes, go to step h. Else stop.


h. This result is split into two sections

$$v_1 = \left(\frac{w}{2^{1024-80}}\right) \bmod 2^{80}, \qquad v_2 = \left(\frac{w}{2^{1024-160}}\right) \bmod 2^{80}$$

i.e., if we number the bits in w as $w_{1023} \ldots w_0$ from MSB to LSB, then
$v_1 = w_{1023} \ldots w_{944}$ and $v_2 = w_{943} \ldots w_{864}$.


i. The Key is

$$\mathrm{Key} = 2^{16} \cdot E_{v_1 \oplus pad}\left(\frac{v_2}{2^{16}} \bmod 2^{64}\right) \oplus \left[\frac{E_{v_1 \oplus pad}\left(E_{v_1 \oplus pad}\left(\frac{v_2}{2^{16}} \bmod 2^{64}\right)\right)}{2^{48}} \oplus \left(v_2 \bmod 2^{16}\right)\right]$$

Note that this function represents the encryption of v2 with v1 XOR pad.
Pictorially,


Figure 8. “Key Formation Diagram”

2. Receiving E-Mail


a. Device B obtains the certificate(s) of the far terminal, A, in the received E-mail
message. From the certificate(s), the public value $Y_A$ of terminal A can be
obtained along with associated user identification and other information.


b. Device B validates the public key $Y_A$ to determine that it is indeed the public key
of a valid user on the network. If the validation fails, the process terminates. If the
validation checks, go to step c.


c. Device B receives the random component that A generated.

$$R_A = g^{r_A} \bmod p$$

This random component is 1024 bits in length.


d. Device B will compute and verify:

$$1 < R_A,\ Y_A < p$$
$$(R_A)^q = 1 \bmod p \quad \text{and} \quad (Y_A)^q = 1 \bmod p$$

If the verification checks, go to step e. Should the verification fail, stop.


e. Device B will take $R_A$ and compute the value $t_{BA}$.

$$t_{BA} = (R_A)^{x_B} \bmod p = g^{r_A x_B} \bmod p$$


f. Device B computes:

$$u_{BA} = (Y_A)^{x_B} \bmod p = g^{x_A x_B} \bmod p$$


g. Device B computes w and checks to make sure that

$$w = (t_{BA} + u_{BA}) \bmod p \neq 0$$

If this check passes, go to step h. Else stop.


h. This result is split into two sections

$$v_1 = \left(\frac{w}{2^{1024-80}}\right) \bmod 2^{80}, \qquad v_2 = \left(\frac{w}{2^{1024-160}}\right) \bmod 2^{80}$$

i.e., if we number the bits in w as $w_{1023} \ldots w_0$ from MSB to LSB, then
$v_1 = w_{1023} \ldots w_{944}$ and $v_2 = w_{943} \ldots w_{864}$.


i. The Key is

$$\mathrm{Key} = 2^{16} \cdot E_{v_1 \oplus pad}\left(\frac{v_2}{2^{16}} \bmod 2^{64}\right) \oplus \left[\frac{E_{v_1 \oplus pad}\left(E_{v_1 \oplus pad}\left(\frac{v_2}{2^{16}} \bmod 2^{64}\right)\right)}{2^{48}} \oplus \left(v_2 \bmod 2^{16}\right)\right]$$

Note that this function represents the encryption of v2 with v1 XOR pad.
Pictorially,


Figure 9. “Key Formation Diagram”

A summary of an E-mail KEA exchange between devices A and B is as follows:


| Device A | | Device B |
|---|---|---|
| $p, q, g$ | common to both devices | $p, q, g$ |
| $x_A$ | private key of each device | $x_B$ |
| $Y_A$ | $Y = g^x \bmod p$ | $Y_B$ |
| | send $Y_A$ in message | $Y_A$ |
| $Y_B$ | A obtains B's public value from directory or local cache | |
| $r_A$ | A generates a random number | |
| $R_A$ | $R = g^r \bmod p$ | $R_A$ |
| | check all values received | |
| $t_{AB} = (Y_B)^{r_A} \bmod p$ | compute $t = g^{r_A x_B} \bmod p$ | $t_{BA} = (R_A)^{x_B} \bmod p$ |
| $u_{AB} = (Y_B)^{x_A} \bmod p$ | compute $u = g^{x_A x_B} \bmod p$ | $u_{BA} = (Y_A)^{x_B} \bmod p$ |
| $w = (t_{AB} + u_{AB}) \bmod p$ | compute w and check $w \neq 0$ | $w = (t_{BA} + u_{BA}) \bmod p$ |
| v1, v2 | extract v1 and v2 from w | v1, v2 |
| Key | form Key from v1, v2, pad | Key |

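The range and order checks and the arithmetic of steps d through h, for both the interactive exchange of section C and the e-mail variant of section D, as an added Python example (it is not part of the original specification). The domain parameters are generated here as constructed sample values, not the Annex values, and the SKIPJACK key formation of step i is left out; the function names are this example's own.

```python
import random

PAD = 0x72F1A87E92824198AB0B      # 80-bit pad value from the specification
SMALL = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rng, rounds=12):
    """Miller-Rabin test; only used to build the sample domain below."""
    for f in SMALL:
        if n % f == 0:
            return n == f
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def make_params(seed=1998):
    """Constructed sample domain (not the Annex values): 160-bit prime q,
    1024-bit prime p with q | p-1, and g of order q mod p."""
    rng = random.Random(seed)
    q = p = 4
    while not is_probable_prime(q, rng):
        q = rng.getrandbits(160) | (1 << 159) | 1
    while p.bit_length() != 1024 or not is_probable_prime(p, rng):
        p = q * (rng.randrange(1 << 1023, 1 << 1024) // q & ~1) + 1
    h = 2
    while pow(h, (p - 1) // q, p) == 1:
        h += 1
    return p, q, pow(h, (p - 1) // q, p)

def valid_public(v, p, q):
    """Step d: accept v only if 1 < v < p and v^q = 1 mod p (order q)."""
    return 1 < v < p and pow(v, q, p) == 1

def kea_w(p, q, x_own, r_own, Y_peer, R_peer):
    """Steps d-g for one device; raises ValueError where the text says stop.
    In the e-mail variant the recipient's Y and x stand in for its R and r."""
    if not (valid_public(Y_peer, p, q) and valid_public(R_peer, p, q)):
        raise ValueError("received value fails the range/order check")
    w = (pow(Y_peer, r_own, p) + pow(R_peer, x_own, p)) % p
    if w == 0:
        raise ValueError("w = 0")
    return w

def split_w(w):
    """Step h: v1 = bits 1023..944 of w, v2 = bits 943..864; also v1 XOR pad."""
    v1, v2 = (w >> 944) % 2**80, (w >> 864) % 2**80
    return v1, v2, v1 ^ PAD

if __name__ == "__main__":
    p, q, g = make_params()
    xa, ra, xb, rb = 3**90, 5**60, 7**50, 11**40   # sample secrets, all < q
    Ya, Ra, Yb, Rb = (pow(g, e, p) for e in (xa, ra, xb, rb))
    wa, wb = kea_w(p, q, xa, ra, Yb, Rb), kea_w(p, q, xb, rb, Ya, Ra)
    print("session: both sides agree:", wa == wb)
    print("e-mail:  both sides agree:",
          kea_w(p, q, xa, ra, Yb, Yb) == kea_w(p, q, xb, xb, Ya, Ra))
    print("order-2 value p-1 accepted:", valid_public(p - 1, p, q))
    print("v1, v2, v1 XOR pad:", [f"{v:020x}" for v in split_w(wa)])
```

Because w is the sum t + u, both devices reach the same value without agreeing on who initiated, which is why the text needs no initiator/recipient signaling.
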

III. ANNEX - Test Vectors


All values are hexadecimal. This data does not imply or specify any interface convention. All
information is presented with the Most Significant Bit/Byte/Word to the left. X represents
“don’t-care”.


A. SKIPJACK - CODEBOOK MODE


Plaintext input: 33221100ddccbbaa
Cryptovariable: 00998877665544332211


Intermediate steps:


Step   w1 w2     w3 w4
  0    33221100  ddccbbaa
  1    b0040baf  1100ddcc
  2    e6883b46  0baf1100
  3    3c762d75  3b460baf
  4    4c4547ee  2d753b46
  5    b949820a  47ee2d75
  6    f0e3dd90  820a47ee
  7    f9b9be50  dd90820a
  8    d79b5599  be50dd90
  9    dd901e0b  820bbe50
 10    be504c52  c391820b
 11    820b7f51  f209c391
 12    c391f9c2  fd56f209
 13    f20925ff  3a5efd56
 14    fd5665da  d7f83a5e
 15    3a5e69d9  9883d7f8
 16    d7f88990  53979883
 17    9c000492  89905397
 18    9fdccc59  04928990
 19    3731beb2  cc590492
 20    7afb7e7d  beb2cc59
 21    7759bb15  7e7dbeb2
 22    fb6445c0  bb157e7d
 23    6f7f1115  45c0bb15
 24    65a7deaa  111545c0
 25    45c0e0f9  bb141115
 26    11153913  a523bb14
 27    bb148ee6  281da523
 28    a523bfe2  35ee281d
 29    281d0d84  1adc35ee
 30    35eee6f1  25871adc
 31    1adc60ee  d3002587
 32    2587cae2  7a12d300


Ciphertext output: 2587cae27a12d300

B. Key Exchange Algorithm (KEA)

Results for user A:

v1 = 95b8c6e7 76e0cae7 34f0XXXX

v2 = 99ccfe2b 90fd550b 4471XXXX

v1 XOR pad = e7496e99 e4628b7f 9ffbXXXX


Key for user A = 740839de e833add4 6b41XXXX


Results for user B: 


v1 = 95b8c6e7 76e0cae7 34f0XXXX

v2 = 99ccfe2b 90fd550b 4471XXXX

v1 XOR pad = e7496e99 e4628b7f 9ffbXXXX


Key for user B = 740839de e833add4 6b41XXXX

C. KEA Exchange for E-Mail


Results for user A: 


v1 = 973b5ca2 558c1469 769bXXXX

v2 = b71cb0d0 09af2765 9f7cXXXX

v1 XOR pad = e5caf4dc c70e55f1 dd90XXXX


Key for user A = 97fd1c6b d86bc439 115bXXXX


Results for user B: 


v1 = 973b5ca2 558c1469 769bXXXX

v2 = b71cb0d0 09af2765 9f7cXXXX

v1 XOR pad = e5caf4dc c70e55f1 dd90XXXX


Key for user B = 97fd1c6b d86bc439 115bXXXX